Digital signature systems based on smart card and fingerprint feature

Two signature systems based on smart cards and fingerprint features are proposed. In one signature system, the cryptographic key is stored in the smart card and is only accessible when the signer＇s extracted fingerprint features match his stored template. To resist being tampered on public channel, the user＇s message and the signed message are encrypted by the signer＇s public key and the user＇s public key, respectively. In the other signature system, the keys are generated by combining the signer＇s fingerprint features, check bits, and a rememberable key, and there are no matching process and keys stored on the smart card. Additionally, there is generally more than one public key in this system, that is, there exist some pseudo public keys except a real one.

A new modified remote user authentication scheme using smart cards

In 2000, a remote user authentication scheme using smart cards was proposed and the masquerade attacks were proved successful on this scheme. Recently, Kumar has suggested the idea of check digits to overcome the above attacks with a new scheme that removes these threats well. In this paper it is pointed out that the weakness still exists in Kumar＇s scheme, and the intruder can login to the remote system through having some information. A new scheme which can overcome these attacks and appears more secure and efficient than Kumar＇s is presented.

Security Enhanced Anonymous User Authenticated Key Agreement Scheme Using Smart Card

Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.

一种基于Smart Card的远程用户身份验证方案的安全性讨论

身份验证是计算机通信的一个重要方面。由于密码验证协议的简单性,它已经被广泛地用于身份验证。最近,Lee氏等利用Smart Card,提出了一个基于随机数的远程用户验证方案。指出了这个方案并不像其提出者所声称的那样安全,同时提出了两种攻击方法以破解其验证方案。

AN IMPROVED REMOTE PASSWORD AUTHENTICATION SCHEME WITH SMART CARD

This paper analyzes the security performance of a latest proposed remote two-factor user authentication scheme and proposes an improved scheme based on the dynamic ID to avoid the attacks it suffers. Besides this, in our proposed scheme the password is no longer involved in the calculation of verification phase which makes our scheme more secure and costs less than the old one. At last we analyze the performance of our proposed scheme to prove it provides mutual authentication between the user and the server. Moreover, it also resists password guessing attack, server and user masquerade attack and replay attack effectively.

Extracting bus transit boarding stop information using smart card transaction data

The smart card-based automated fare collection （AFC） system has become the main method for collecting urban bus and rail transit fares in many cities worldwide. Such smart card technologies provide new opportunities for transportation data collection since the transaction data obtained through AFC system contains a significant amount of archived information which can be gathered and leveraged to help estimate public transit origin–destination matrices. Boarding location detection is an important step particularly when there is no automatic vehicle location （AVL） system or GPS information in the database in some cases. With the analysis of raw data without AVL information in this paper, an algorithm for trip direction detection is built and the directions for any bus in operation can be confirmed. The transaction interval between each adjacent record will also be analyzed to detect the boarding clusters for all trips in sequence. Boarding stops will then be distributed with the help of route information and operation schedules. Finally, the feasibility and practicality of the methodology are tested using the bus transit smart card data collected in Guangzhou, China.

Security Analysis and Improvement of Authentication Scheme Based on a One-way Hash Function and Diffie-Hellman Key Exchange Using Smart Card

一个新认证计划被 2005 .They 宣称的 Yoon et al.in 基于用智能卡的一个单程的哈希函数和 Diffie-Hellman 关键交换建议建议协议对猜测 attack.In 的口令这篇论文，作者证明 Yoon 的计划对由在 Yoon 的计划的遥远的 system.An 改进由计算负担使用一张偷的智能卡和 DOS 攻击抵抗上述攻击猜测攻击的离线的口令脆弱也被建议。

A Self-Encryption Remote User Anonymous Authentication Scheme Using Smart Cards

Remote user authentication is essential in distributed network environment to protect unauthorized access of a networked system. However, most of those existing remote user authentication schemes have not provided the user identity anonymity, while user anonymity is particularly important in some practical applications. Therefore, based on self-encryption mechanism, a new remote user authentication scheme was proposed. The scheme not only has no need of maintaining a password table at the remote server, but also can protect the user’s anonymity.

Transit smart card data mining for passenger origin information extraction

The automated fare collection(AFC) system,also known as the transit smart card(SC) system,has gained more and more popularity among transit agencies worldwide.Compared with the conventional manual fare collection system,an AFC system has its inherent advantages in low labor cost and high efficiency for fare collection and transaction data archival.Although it is possible to collect highly valuable data from transit SC transactions,substantial efforts and methodologies are needed for extracting such data because most AFC systems are not initially designed for data collection.This is true especially for the Beijing AFC system,where a passenger's boarding stop(origin) on a flat-rate bus is not recorded on the check-in scan.To extract passengers' origin data from recorded SC transaction information,a Markov chain based Bayesian decision tree algorithm is developed in this study.Using the time invariance property of the Markov chain,the algorithm is further optimized and simplified to have a linear computational complexity.This algorithm is verified with transit vehicles equipped with global positioning system(GPS) data loggers.Our verification results demonstrated that the proposed algorithm is effective in extracting transit passengers' origin information from SC transactions with a relatively high accuracy.Such transit origin data are highly valuable for transit system planning and route optimization.

Key Recovery Against 3DES in CPU Smart Card Based on Improved Correlation Power Analysis

The security of CPU smart cards, which are widely used throughout China, is currently being threatened by side-channel analysis. Typical countermeasures to side-channel analysis involve adding noise and filtering the power consumption signal. In this paper, we integrate appropriate preprocessing methods with an improved attack strategy to generate a key recovery solution to the shortcomings of these countermeasures. Our proposed attack strategy improves the attack result by combining information leaked from two adjacent clock cycles. Using our laboratory-based power analysis system, we verified the proposed key recovery solution by performing a successful correlation power analysis on a Triple Data Encryption Standard （3DES） hardware module in a real-life 32-bit CPU smart card. All 112 key bits of the 3DES were recovered with about 80 000 power traces.

Improvement on a Biometric Based User Authentication Scheme in Wireless Sensor Networks Using Smart Cards

With the development of the Internet of Things(IoT)technique,sensitive information collected by sensors may be leaked.In recent years,many authentication schemes have been proposed.Banerjee et al proposed a biometric based user authentication scheme in wireless sensor networks using smart cards in 2019.But we found that Banerjee et al's authentication scheme is vulnerable to impersonation attacks.In order to overcome the weaknesses of Banerjee et al's scheme,we propose a new authentication scheme.In our proposed scheme,we only use the exclusive-or operation and one-way Hash function for the efficiency,which can reduce the computation burden for the IoT devices.In the authentication and session key agreement phase,the secret registration parameter is not used for the authentication,and the session key is given for the all entities.In the Devol-Yao threat model,the security analysis demonstrates that our proposed authentication scheme can resist well-known attacks.

A high-precision heuristic model to detect home and work locations from smart card data

Smart card-automated fare collection systems now routinely record large volumes of data comprising the origins and destinations of travelers.Processing and analyzing these data open new opportunities in urban modeling and travel behavior research.This study seeks to develop an accurate framework for the study of urban mobility from smart card data by developing a heuristic primary location model to identify the home and work locations.The model uses journey counts as an indicator of usage regularity,visit-frequency to identify activity locations for regular commuters,and stay-time for the classification of work and home locations and activities.London is taken as a case study,and the model results were validated against survey data from the London Travel Demand Survey and volunteer survey.Results demonstrate that the proposed model is able to detect meaningful home and work places with high precision.This study offers a new and cost-effective approach to travel behavior and demand research.

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. pointed out that Wang et al.＇s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.＇s scheme still cannot achieve the claimed security goals and report its following problems： （1） It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; （2） It fails to provide forward secrecy; （3） It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.

Weaknesses and improvements of a remote user authentication scheme using smart cards

In 2005, Liu et al. proposed an improvement to Chien et al.＇s remote user authentication scheme, using smart cards, to prevent parallel session attack. This article, however, will demonstrate that Liu et al.＇s scheme is vulnerable to masquerading server attack and has the system＇s secret key forward secrecy problem. Therefore, an improved scheme with better security strength, by using counters instead of timestamps, is proposed. The proposed scheme does not only achieve their scheme＇s advantages, but also enhances its security by withstanding the weaknesses just mentioned.

A New Secure Password Authentication Scheme Using Smart Cards

Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed. The new scheme can satisfy all the listed ideal security requirements and has the following merits： （1） it can resist all the attacks listed in introduction; （2） less storage memory requirement due to no verification table stored in server; （3） low computational cost due to hash functions based operations; （4） even if the smart card is lost, the new system is still secure; （5） As user identity is anonymous, this scheme is more practical. The new proposed scheme can be applied in source constraint networks.

Robust Password and Smart Card Based Authentication Scheme with Smart Card Revocation

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.

Anonymous Authentication Scheme Based on Smart Card and Biometrics in the Electronic Medical Environment

With the existing anonymous authentication schemes based on biometrics, the user and the server can create the same session key after mutual authentication. If the anonymous authentication scheme is applied in the electronic medical environment, it is also necessary to consider that the patient may access multiple hospital servers. Based on three factors of smart card, random number and biometrics, an anonymous authentication scheme in the electronic medical environment is proposed. In order to reduce the burden of the medical registration and certification center(HC), in the proposed anonymous authentication scheme, the patient only needs to register with HC once, then he/she can apply for visiting each hospital that has joined the medical servers. Security analysis shows that the proposed scheme has anonymity and dual authentication, and can resist various types of attacks, such as insider attack, modification attack, replay attack and smart card loss attack. Efficiency analysis shows that the calculation cost of the proposed scheme in the registration and login phase is lower, and it is slightly higher than Lei's scheme and Khan et al's scheme in the authentication phase. The proposed scheme can not only resist various types of attacks, but also support dual authentication and multi-server environment. With a little modification, the proposed scheme can also be used to other application scenarios requiring anonymous authentication.

User Authentication Schemes Based on Smart Cards

Three user authentication schemes are proposed. The security of these new schemes is due to the used secure hash functions and the physically secure smart cards.

ActivityNET:Neural networks to predict public transport trip purposes from individual smart card data and POIs

Predicting trip purpose from comprehensive and continuous smart card data is beneficial for transport and city planners in investigating travel behaviors and urban mobility.Here,we propose a framework,ActivityNET,using Machine Learning(ML)algorithms to predict passengers’trip purpose from Smart Card(SC)data and Points-of-Interest(POIs)data.The feasibility of the framework is demonstrated in two phases.Phase I focuses on extracting activities from individuals’daily travel patterns from smart card data and combining them with POIs using the proposed“activity-POIs consolidation algorithm”.Phase II feeds the extracted features into an Artificial Neural Network(ANN)with multiple scenarios and predicts trip purpose under primary activities(home and work)and secondary activities(entertainment,eating,shopping,child drop-offs/pick-ups and part-time work)with high accuracy.As a case study,the proposed ActivityNET framework is applied in Greater London and illustrates a robust competence to predict trip purpose.The promising outcomes demonstrate that the cost-effective framework offers high predictive accuracy and valuable insights into transport planning.